Dynamic directory service

ABSTRACT

In a network of computer nodes, a directory service provides both the physical location of directory information around the network and the directory information itself in a single data structure. This single data structure is distributed throughout the network, and continuously redistributed, so as to create a directory service that is both more flexible, and more robust, than prior art directory services.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of co-pending U.S. patentapplications Ser. No. 08/754,481, filed Nov. 22, 1996, and Ser. No.______ filed Mar. 28, 1997 and bearing attorney docket number CLC-002.The entirety of both of these applications is incorporated herein byreference.

TECHNICAL FIELD

The present invention relates in general to directory services and, morespecifically, to a dynamic directory service that maintains a directoryin which is stored both (1) directory information and (2) informationidentifying the physical layout or structure of the directory.

BACKGROUND INFORMATION

Computer-based structured storage systems, such as computer file systemsand database systems, have been remarkably successful at providing userswith quick and facile access to enormous amounts of data Structuredstorage systems have allowed businesses to generate and maintainenormous stores of persistent data that the company can modify andupdate over the course of years. For many companies, this persistentdata is a valuable capital asset that is employed each day to performthe company's core operations. The data can be, for example, computerfiles (e.g., source code, wordprocessing documents, etc.), databaserecords and information (e.g., information on employees, customers,and/or products), and/or Web pages.

A typical computer based structured storage system includes a centralserver that provides centralized control over the structured store ofdata. The structured store of data is the information that is beingmaintained by the system, such as information in the files anddirectories of a file system or within the records of a database system.The central server provides system services to a plurality ofinterconnected network client nodes, and each of the client nodesemploys the central server to access and manipulate the structured storeof data.

It is common to use the central network server to provide a directoryservice, i.e., a specialized hierarchical database of network, user, andother computer system configuration information. This informationtypically includes operating system configuration information,application program configuration information, network configurationinformation, network-accessible resources, exported devices andservices, network printers, and user account records. Network useraccount records are what allow network-wide, unified “log on,” and theyallow sophisticated application programs to obtain broader, coherentname spaces (e.g., electronic mail system application programs).Novell's Directory Server (NDS), available from Novell, Inc. of Provo,Utah, is one example of software that implements a directory service andthat runs on a central server to allow maintenance of and access todirectory information.

Although central server directory services such as NDS generally work,problems arise from relying on centralized control. For example, theoperation of the network is dependent upon the proper functioning of thecentral server. Any failure of the server to maintain proper operation,such as a power failure, hardware failure, or other such system failure,will disable the entire network and generally prevent users fromobtaining access to the network and its resources. Additionally, a floodof client requests (e.g., access of user account records) can overloadthe central server and slow down or crash the network. Accordingly,reliance on a centralized, server-based directory service can result inslow operation or total network failure during periods of heavy use.

An additional problem with a client-server network system is that itprovides a static operating environment that is set for optimalperformance at a certain level of network activity. Consequently, thenetwork fails to exploit available resources to improve systemperformance. In particular, as the system activity rises above or dropsbelow the expected level of network activity, the static operatingenvironment lacks any ability to reconfigure dynamically the allocationof network resources to one providing better performance for the presentlevel of activity.

Technology has been developed to improve the reliability and operationof a centralized server directory service. This technology involvesemploying a plurality of central servers. Each of the servers provides adirectory service. Whenever the directory information changes, all ofthe redundant servers are updated so that requests can be made to any ofthe centralized servers without impacting the correctness of theresponse.

While this statically replicated technology improves upon the singleserver arrangement, it generally performs poorly or fails as the size ofthe network increases. As client nodes are added to the network and moredirectory servers are added to the network to handle the correspondingincreased network load, the sustainable update rate of informationmanaged by the servers decreases because the overhead and complexity ofpropagating updates (i.e., changes to the data stored in and replicatedacross the directory servers) increases with the increased network size.Thus, known directory services are inherently read-mostly repositories,and that is the way they are designed and used. That is, known directoryservices are used only for infrequently-updated directory information.

Examples of this centralized, statically replicated, hierarchicaldirectory service technology include Microsoft's Active Directory (NT5.0), NDS, Banyan's Streetalk, and X.500 directory services. LightweightDirectory Access Protocol (LDAP) is a “common” protocol that can be usedto access data from any compatible directory server such as NDS.

SUMMARY OF THE INVENTION

It is an object of the invention to provide a dynamic directory servicethat is an improvement over centralized, statically replicated,hierarchical database directory services.

It is also an object of the invention to provide a dynamic directoryservice that maintains a directory in which is stored both (1) directoryinformation and (2) the physical layout of the directory itself. Thatis, the invention involves the use of a directory having bothinformation about where to find the directory information of interest aswell as the actual directory information.

It is a further object of the invention to provide a dynamic directoryservice that is more reliable and provides improved fault tolerantoperation over existing directory services, and that has the ability toreplicate and move data dynamically in response to network activitylevels and access patterns. This ability optimizes performance andminimizes the time required, to provide directory information (e.g.,network configuration information, organizational information, userconfiguration information, and network-accessible resources such asexported devices and services, network printers, and user accountrecords) to requesting network nodes.

It is yet another object of the invention to provide a dynamic directoryservice that provides distributed control over a structured store ofdirectory information and that allows that information to be changedand/or updated with higher frequency than generally possible withexisting directory services without adversely effecting networkperformance or network node access times.

It is still another object of the invention to provide a dynamicdirectory service that maintains and allows access tofrequently-changing, as well as infrequently-changed, directoryinformation.

The directory service of the invention maintains both the physicallocation information and the directory information itself in the samedata structure. That data structure is distributed around the network,and all of the directory information is homeless (except, usually, aroot record). The distributed directory service of the invention allowsnetwork nodes to locate copies of records to which the nodes wantaccess. A globally unique identifier (GUID) is associated with eachrecord as a unique index key that can be used to identify the record onthe network. It contains no location information, and a given record canbe physically located anywhere on the network. Each of the records alsocan migrate from physical location (node) to physical location (node)around the network. The invention provides automatic migration and/orreplication of directory information among the network nodes withoutreconfiguring the network nodes and in a manner transparent to users atthe nodes. An example of a mechanism that can be used to keep replicatedrecords consistent is a single-writer, multiple-reader, write-invalidateprotocol.

The directory service of the invention can, in some specificembodiments, employ a globally-addressable unstructured memory system tomaintain simultaneously both the directory information and layoutinformation in accordance with the invention. For example, the directoryservice can employ the distributed shared memory (DSM) system describedin the above-identified, incorporated-by-reference patent applications,which DSM system distributes the storage of data across some or all ofthe storage devices connected to a network. Storage devices that may beconnected to the network and accessible to the network nodes by addressvia the DSM system include, for example, RAM, hard disk drives, tapedrives, floppy disk drives, and CD-ROM drives. In some embodiments, thedynamic directory service is a computer program that interfaces to a DSMsystem to operate the DSM system as a memory device that providesstorage of and access to the directory information. The directoryservice program can direct the DSM system to map directory informationinto the shared memory space. The DSM system can include functionalityto share, migrate, and replicate data coherently. In one embodiment, theDSM system provides memory device services to the directory serviceprogram. These services can include read, write, allocate, flush, or anyother similar or additional service suitable for providing low levelcontrol of a storage device. The directory service program employs theseDSM system services to allocate and access portions of the shared memoryspace for creating and manipulating the directory information. Inconnection with these embodiments, a system and related method foraccessing directory information includes a computer network, a globallyaddressable data storage system, and a plurality of computers coupled tothe network and the data storage system. The globally addressable datastorage system provides persistent storage of data and containsdirectory information. The plurality of computers access the datastorage system to obtain directory information. Based on the accesspatterns by the computers and/or the available network resources, thedata storage system replicates and migrates directory information amongtwo or more of the computers.

In one aspect, the invention relates to a method comprising the steps ofproviding a plurality of nodes interconnected by a network and storingon one or more of the nodes a directory containing both the directoryinformation and information about the layout of the directory (i.e.,where to find the directory information).

In another aspect, the invention relates to a method comprising thesteps of providing a plurality of nodes interconnected by a network,providing a directory service on the network by installing on each ofthe nodes a directory service program that allows directory informationto be accessed by each of the nodes and that stores on one or more ofthe nodes a directory including both the directory information andinformation about the location of the directory information on thenetwork, and obtaining both the physical location of directoryinformation of interest and the directory information of interest itselfby accessing the directory service.

The foregoing and other objects, aspects, features, and advantages ofthe invention will become more apparent from the following descriptionand from the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, like reference characters generally refer to the sameparts throughout the different views. Also, the drawings are notnecessarily to scale, emphasis instead generally being placed uponillustrating the principles of the invention.

FIG. 1 is a conceptual block diagram of a dynamic directory serviceaccording to the invention.

FIG. 2 is a diagram of the types of directory information that can bemaintained by a dynamic directory service of the invention.

FIG. 3 is a diagram of a directory record used by a dynamic directoryservice according to the invention.

FIG. 4A is a flowchart of the steps a directory service of the inventiontakes to service a request from a network node for directoryinformation.

FIG. 4B is a flowchart disclosing additional detail of the steps takenby the directory service to service the network node's request fordirectory information.

FIG. 5 is a diagram showing an example of directory records of adistributed dynamic directory service according to the invention.

DESCRIPTION

According to the invention, a computer network system 10 includes aplurality of network nodes that access a common directory service. Thedirectory service is a specialized hierarchical structured database.Examples of the types of information that can be stored and maintainedby the directory service include operating system configurationinformation, application program configuration information, networkconfiguration information, network-accessible resources, exporteddevices and services, network printers, and network user accountrecords. Each of the nodes on the network includes at least a directoryservice program that accesses and manages the directory service. Thedirectory service may be stored in an addressable shared memory or itmay be stored in a more traditional fashion. For example, each node maybe responsible for storing a particular element or elements of thedirectory service. In such an embodiment, the directory service programcan access a desired portion of the structured store using aglobally-unique tag or identifier. The underlying system would translatethe tag or identifier into one or more commands for accessing thedesired data, including network transfer commands. In anotherembodiment, the directory service is stored in an addressable sharedmemory space, which allows the network nodes transparently to accessportions of the structured store using standard memory access commands.In a preferred embodiment, the tag or identifier is an address into anaddressable memory space such as a 128-bit address space.

The system 10 can be a file system, a database system a Web server, anobject repository system, or any other structured storage system thatmaintains an organized set of data. In the disclosed embodiment, thesystem 10 is a directory service that maintains various directoryinformation.

Referring to FIG. 1, in one embodiment, the network system 10 includes aplurality of network nodes 12 a-12 d and a common directory servicesubsystem 20 that provides a dynamic directory service 22 according tothe invention. The dynamic directory service 22 maintains and providesaccess to data including both the directory information itself and thephysical layout of the directory on the network. Each of the nodes 12a-12 d can include several sub-elements. For example, node 12 a includesa processor 30 a and a directory service program 32 a for accessing thedirectory service 22. One or more of the nodes can include a monitor fordisplaying graphically (40, 42) the directory service 22.

A system 10 according to the invention can provide, among other things,each network node 12 a-12 d with shared control over the directoryservice 22 and, therefore, the system 10 can distribute control of thedirectory information across the nodes of the network. To this end, eachnode of the system 10, such as node 12 a, includes a directory serviceprogram 32 a that operates as a structured directory service adapted tomaintain directory information and to employ all of the network nodesfor storing and allowing access to the directory information. Thesecooperating elements provide a structured storage system that has adistributed architecture and thereby achieves greater fault tolerance,reliability, and flexibility than known directory services that rely oncentralized control and one or more centralized servers. Accordingly,the invention provides computer networks with distributively controlledand readily scaled directory services.

Still referring to FIG. 1, in one embodiment, the system 10 maintains adirectory service 22 within a globally addressable unstructured storagesystem. Each of the nodes 12 a-12 d can access that storage system andthe directory service 22 through the directory service programs 32 a-32d. At least a portion of the globally addressable unstructured storagesystem is supported by a physical memory system that provides persistentstorage of data. For example, a portion of the storage system can beassigned or mapped to one or more hard disk drives that are on thenetwork or associated with one or more of the network nodes 12 a-12 d aslocal hard disk storage for those particular nodes. Accordingly, FIG. 1illustrates one possible system that provides the network nodes withaccess to a globally addressable unstructured storage system, wherein atleast a portion of the storage space of that system is assigned to atleast a portion of one or more of the persistent storage devices (e.g.,hard disks) to allow the nodes addressably to store and retrieve data toand from the one or more persistent storage devices. The globallyaddressable storage system is described in the above-identified,incorporated-by-reference applications.

Each of the directory service programs 32 a-32 d is a software modulethat couples to the directory service. The directory service program 32a can stream data to, and collect data from, the directory servicesubsystem. Each of the directory service programs 32 a-32 d can be apeer incarnation (i.e., an instance) residing on a different one of thenetwork nodes 12 a-12 d.

One or more of the directory service programs 32 a-32 d can provide agraphical user interface 42 that graphically depicts the directoryservice 22. The graphical user interface 42 could allow a user at anode, for example at node 12 a, to insert directory informationgraphically within the directory service 22. To this end, the directoryservice program 32 a can generate a set of commands that will present astream of data that will result in directory information being storedwithin the directory service 22. As shown in FIG. 1, for node 12 c onlyfor simplicity, that node (which includes a graphical user interface 40)reflects the change to the directory service 22 affected by thedirectory service program 32 a of the node 12 a. In particular, thegraphical user interface 40 of the node 12 c can depict to a user thatcertain directory information is being placed within the directoryservice 22. As illustrated, a system user at node 12 a can direct item50 a to be inserted at a set location within the directory service 22.The directory service program 32 a then places the item 50 a within thedirectory service 22 at the proper location. Moreover, node 12 c detectsthe change within the directory service 22 and reflects that changewithin its graphical user interface 40.

A structured dynamic directory service according to the invention looksto all network nodes like a coherent, single directory service systemwhen in fact it spans all participating nodes coupled to the network.The directory service of the invention differs from known directoryservices in a variety of ways. For example, the directory service of theinvention: maintains data coherence among network nodes; automaticallyreplicates directory information for redundancy and fault tolerance;automatically and dynamically migrates directory information to accountfor varying network usage and traffic patterns; and provides a varietyof other advantages and advances, some of which are disclosed in theabove-identified, incorporated-by-reference applications. Thereplication and migration can be done on the basis of node accessesand/or on the basis of the availability of network resources.

Referring to FIG. 2, a directory service according to the inventionincludes a structured store of data organized as a directory informationset 66. The set 66 is a tree structure starting at a root 80 and endingat a leaf (for example, leaf 82). Each leaf represents a particularpiece of directory information (e.g., user name or password). The set 66thus is a collection of directory information organized hierarchically,for example as a tree structure or as a graph, rooted in the root 80.The non-leaf nodes in the tree (not including the root 80) are theentries 90, 92, 94, 100, 102, 200, 202, and 204, and the leaves in thetree are particular pieces of directory information 91, 82, 84, 86, 201,and 205-212 (e.g., a password or a network printer identifier) or emptyentries. Sub-trees within a set can overlap by linking a leaf or anon-leaf to multiple entries.

The directory service of the invention can, as an option, employ morethan one set. A benefit of breaking up the directory service 60 into aplurality of sets is that it may provide more flexible management forusers of the directory service. As the directory service grows into verylarge sizes (e.g., hundreds of nodes with thousands of gigabits ofstorage), it may be desirable to have the directory informationorganized into groups of management entities such that managementactions can be independently applied to individual groups withoutaffecting the operation of the others.

In a set, the root (e.g., the root 80) provides the starting point tolocate the directory information maintained by the directory service ofthe invention. The root can be, and preferably is, stored in a staticand well-known location on the network (e.g., at a particular address oron one or more network nodes). When a node is accessing a set for thefirst time, it first looks up the root to determine the key associatedwith the set. Once it has determined the key, the node can access theroot of the set. From the root, it then can traverse the set's entiretree to locate the desired piece of directory information.

As an example, in FIG. 2, a network node requesting the password of auser named Jones might pass the following string to the directoryservice: /USERS/JONES/PASSWORD. The directory service would thenreference the set 66 and might find that the root 80 contains a list ofall users, the non-leaf node 90 contains information about the userJones, and the leaf 82 contains user Jones' password. In accordance withthe invention, and as described more fully below, all of thisinformation can reside physically on different network nodes and in factcan migrate from node to node and can be replicated on a plurality ofnetwork nodes.

FIGS. 3, 4A, 4B, and 5 further and more particularly illustrate thestructure of a hierarchical distributed dynamic directory serviceaccording to the invention.

Referring to FIG. 3, a directory record 320 includes a record header 322and one or more directory entries (two are shown, 324 and 326). Eachdirectory entry includes a key field 330 and one or more data fields332. The key field 330 could be, for example, “company name,” and theassociated data field 332 could be “Acme Corporation.” Note that forGUID tree records (described below), there preferably are two datafields, namely “GUID of next record” identifying the identifier of thenext record to be referenced by the directory service and “GUIDresponsible node” identifying the node responsible for the “GUID of nextrecord.” The key field 330 could also be a globally unique identifier(GUID). The data field 332 can include actual directory information (forexample, “Acme Corporation”), information about where to go to locatethe directory information of interest or additional information aboutwhere to go to locate it (for example, a globally unique identifier orGUID), or information about what nodes have copies of the directoryinformation of interest.

In one particular embodiment, directory record 320 can be a page of aglobal address space that spans both persistent (e.g., hard disks) andvolatile (e.g., RAM) storage devices. For example, the page can be a 4kilobyte portion of the shared address space described in theabove-identified, incorporated-by-reference applications. In thisembodiment, the GUIDs are unique addresses of the global address spacesuch as 128-bit addresses in a huge 2¹²⁸ address space.

Referring still to FIG. 3, each directory record 320 includes a recordheader 322 that includes attribute information for that record, and thatattribute information typically is metadata for the directory record.The record 320 further includes one or more directory entries, such asthe depicted directory entries 324 and 326, that provide an index into aportion of the directory service (non-leaf entries) or actual directoryinformation (leaf entries). Accordingly, the non-leaf directory entriessubdivide the directory information maintained by the directory serviceof the invention. For example, if the directory entries 324 and 326 areentries of a GUID tree record, they can subdivide the directory into twosub-portions, with the first portion referencing one-half of thedirectory and the second portion referencing the other half of thedirectory. Accordingly, in this example, the directory entry 324provides an index for half of the directory, and in complement theretothe directory entry 326 provides an index for the other half. Continuingwith this example, each of these directory entries 324, 326 can, via thedata fields, point to other records and responsible nodes in whichdirectory entries have data fields that point to still other records andresponsible nodes and so on until the actual directory information ofinterest is located in some data field of some entry of some record bythe directory service (a so-called leaf entry). The directory servicethen provides that directory information to the requesting node. In thisway, the directory service of the invention provides both (1) locationinformation for directory information maintained by the directoryservice and (2) the actual directory information itself, all in the samedirectory structure.

In accordance with the invention, directory records are indexed byglobally unique identifiers (GUIDs), such as 128-bit values. In thedirectory records, these GUIDs can appear in the data fields or the keyfields of various of the directory entries. As described in more detailbelow, a GUID subtree within the directory provides a map or assignmentof GUIDs to network nodes that have a copy of certain directoryinformation. It is the leaf nodes of the GUID subtree that identify theone or more nodes that have a copy of desired directory information.Once these nodes are identified by the directory service, the directoryservice accesses one or more of them (typically just one of theidentified nodes) to obtain the directory information and then pass itto the requesting node. Optionally, the directory system can choosewhich node to contact to obtain the directory information based on thestate of the global system such as the current load on the various nodesor the quality of the network service between the local node and thenode(s) that have copies of the desired directory record.

Referring to FIG. 4A, to obtain certain desired directory information(e.g., the password of a user named Jones), a network node passes anappropriate key to the directory service (step 500). For example, thenode might pass the following key to the directory service:/USERS/JONES/PASSWORD. The directory service receives the key and eitherlocates the desired directory information and passes it to therequesting node or returns an error if the desired directory informationcannot be found (step 600). More specifically, in attempting to satisfythe request from the node, the directory service of the invention firstdetermines if the key corresponds to directory information that isstored on the node itself in, for example, the node's RAM or on thenode's hard disk (step 602). In the disclosed embodiment, the directoryservice performs step 602 by accessing a lookup table (such as a hashtable) maintained by each of the network nodes. This table identifiesthe directory records that are locally cached on the node. If therequested directory information is stored locally on the requestingnode, the directory service retrieves the requested directoryinformation from the node's local cache and then provides that directoryinformation to the node (step 604). If the requested directoryinformation is not stored locally on the requesting node, the directoryservice recursively invokes itself to access the directory record(s)that have the GUID tree structure, and the directory service descends orwalks the GUID tree by accessing the various records until the desireddirectory entry is located. The leaf node in the GUID tree contains themapping from GUID to the set of nodes caching the record associated withthat GUID. The directory service uses this information to select a nodefrom which it acquires a copy of the desired record (step 606). Thedirectory service then obtains the requested directory information andprovides it to the node (step 608).

It is important to note that, while traversing the GUID tree, thedirectory service first always checks to see if entries indexed by aGUID are cached locally before the directory service invokes recursivelythe GUID tree to locate a copy of the record remotely.

At this point, the directory service can store a copy of (replicate)this directory information (e.g., user Jones' password) on therequesting node. Actually, if replication is performed by the directoryservice, all or a portion of the record that contains this directoryinformation is replicated on the requesting node. If the directoryservice decides to replicate this record on the requesting node, thedirectory service adds the requesting node's identifier (e.g., a number)to the leaf node in the GUID tree that stores the list of nodes cachingthe record associated with the GUID, and the directory service thenupdates or invalidates the local caches of all of the other networknodes that also have that directory record cached locally.

In one embodiment, the directory service makes the decision on whetheror not to replicate based on node access patterns and/or on theavailability of certain network resources. For example, if a node hasrequested a certain record a certain number of times, the directoryservice will replicate that record on that node. The directory servicemonitors and records a variety of network information, including nodeaccess patterns and network resource availability, and some or all ofthis network information is used to determine what records should bereplicated on what nodes. In accordance with the invention, thisreplication feature of the directory service results in certain recordsbeing replicated on the nodes that most often access those records andnot being replicated on (and/or removed from) nodes that access thoserecords less often or not at all. The directory service of the inventionprovides this replication feature dynamically during normal operation,and thus, as access patterns change, the records and the copies of therecords move or migrate among the various network nodes to accommodatethe changing patterns. This replication/migration feature of theinvention points up an important aspect of the invention, and that isthat all of the directory records are homeless (except possibly the rootdirectory record which, while it typically will be replicated, typicallyis placed at fixed locations on the network).

Because the directory records contain, according to the invention, boththe GUID tree structure (i.e., the information about where directoryinformation is located) and the actual directory information, thedirectory structure (i.e., the GUID tree) is dynamically moved andreplicated among the network nodes just as is the directory informationitself.

These dynamic replication and migration features provide tremendousbenefits to networks utilizing the directory service of the invention.For example networks utilizing the directory service of the inventioncan be expanded (i.e., additional nodes can be added to the networkand/or other networks can be interconnected to the network) withoutsubstantially impacting the performance and speed realized by the nodesas they access directory information via the directory service. That is,the directory service scales very well. This is because, once thenetwork is up and running, all nodes generally will have cached locallythe records they most often access, and access times for these nodes forthe directory information that is cached locally will be the same (veryfast) regardless of the size of or the traffic on the network.

Referring to FIG. 4B, the recursive invocations identified in step 606(FIG. 4A) are now described in more detail. Step 606 includes thefollowing substeps that are performed by the directory service. Thedirectory service first locates the root directory record (step 610),and it indexes into that record using the key (e.g.,/USERS/JONES/PASSWORD) passed to it by the requesting node. Thedirectory service then checks to see if a portion of the key (e.g.,/USERS) matches a directory entry in the root directory (step 612). Ifit does not match, the directory service returns an error message to therequesting node (step 614). If there is a corresponding entry in theroot directory, the directory service next determines if that directoryentry contains the requested directory information in its data field(step 616). If so, the directory service retrieves the requesteddirectory information from that data field and provides it to therequesting node (618).

Referring now to FIGS. 4B and 5, a root directory record 400 could bethe root record referred to in step 612. If directory 402 contains therequested directory information in its data field (step 616), thedirectory service need only to index into that entry 402 using the keyand retrieve the requested directory information from the data field.Note that, as indicated in FIG. 5, the root directory record 400 couldbe replicated (401, 403, 405) on three other network nodes in accordancewith the replication feature of the directory service of the invention.In fact, it may be that the root directory record 400 is replicated onall network nodes. This could be reasonable in light of the fact thatevery network node will likely refer to the root directory record whenthe node first invokes the directory service of the invention, andfrequently thereafter.

If the entry in the root directory record does not contain the requesteddirectory information in the entry's data field (step 616 of FIG. 4B),the directory service determines whether the entry's data field containsa GUID (step 620). If it does contain a GUID, this means that the GUIDtree must be navigated by the directory service to located the requesteddirectory information. The directory service thus follows the GUID inthe root directory record's entry's data field to a new directory record(step 628), possibly the GUID tree root directory record (404 in FIG.5). The GUID thus is a logical link to a record that will provide moreinformation about the GUID tree structure and ultimately allow thedirectory service to locate the requested directory information.

As shown in FIG. 5, the GUID in the root directory record's entry's datafield can be a logical link or pointer to a record that is the GUID treeroot directory record 404. As with the root directory record 400, theGUID tree root directory record 404 is likely to be replicated on manyor all of the network nodes. In the example of FIG. 5, two replicas(405, 407) of the record 404 are depicted.

The loop defined by steps 628, 630, and 634 in FIG. 4B illustrates therecursive nature of the directory service. That is, once the GUID treerecords are entered via the GUID tree root directory record 404 (FIG.5), and if the data fields of the appropriate directory entries in theGUID tree records contain GUIDs, the directory service will enter arecursive loop whereby it accesses a plurality of records (identified bythe ellipsis 410 in FIG. 5) until it reaches a record that has adirectory entry with one or more nodes listed its data field (step 622).Such a record is a leaf of the GUID tree structure, and is indicated asrecord 412 in FIG. 5. As with all records maintained by the directoryservice of the invention, this record 412 can be replicated (413) on atleast one other network node. Also, while not presently preferred, ingeneral it is possible at any point during this recursive GUID tree walkto encounter a directory entry having the requested directoryinformation in its data field (step 630 of FIG. 4B), and in such a casethe directory service would retrieve from the data field the requesteddirectory information and provide it to the requesting node (632).

It is important to note that the cache of locally stored directoryentries can be indexed so that at any stage of the GUID tree walkoperation it is possible to obtain the desired record from the localcache instead of the tree structure. For example, if record 398 iscached on the node attempting to lookup “/USERS/JONES/PASSWORD,” thedirectory service will be able to find the locally cached record via ahash lookup for either /USERS/JONES/PAS SWORD or the corresponding GUID.Similarly, while traversing the GUID subtree, the directory servicefirst always checks to see if entries indexed by a GUID are cachedlocally before the directory service invokes recursively the GUID treeto locate a copy of the record remotely.

In the course of the recursion, the various records that the directoryservice accesses lead the directory service to the leaf record 412. Thishappens by the directory service beginning at the GUID tree rootdirectory record 404 and examining the key field of each of thedirectory entries in the record 404 (or one of the copies 405, 407 ofthe record 405 on other nodes in the network) to determine the range inwhich the GUID logical link from the record 400 falls. If the GUIDlogical link from the record 400 falls within the range identified bythe key field of directory entry 409, the GUID in the data field of theentry 409 is used as the logical link or pointer to the next record.This process continues until the ranges in the key fields of thedirectory entries of the subsequent records reduce to a single GUID suchas the GUID “12540” in the key field of a directory entry 411 in theGUID leaf record 412.

Again, while traversing the GUID subtree, the directory service firstalways checks to see if entries indexed by a GUID are cached locallybefore the directory service invokes recursively the GUID tree to locatea copy of the record remotely. In referencing the GUID tree, thedirectory service uses the responsible node information in the datafields of the GUID tree records in the location process.

It is important to realize that all of these records that the directoryservice accesses in this recursive loop (and, in general, even when itis not in the recursive loop) can, and in many instances will, belocated on different network nodes. This is because the directoryservice of the invention is distributed, and in general the records thatmake up the directory and that contain the various pieces of thedirectory information maintained by the directory service are located ondifferent nodes all over the network. As the GUID tree is walked in themanner described herein, the directory service can replicate theaccessed GUID tree records and make them local on the requesting node.This replication is optional and is accomplished as describedhereinabove.

It also is important to realize that the records that describe thestructure of the directory layout (i.e., the GUID tree records) arestored by the directory service in the same manner as it stores therecords having the actual directory information and also maintained bythe directory service in the same way that it maintains the records withthe actual directory information.

Referring to step 622 of FIG. 4B and record 412 of FIG. 5, the datafield in the entry 411 of the GUID leaf record 412 contains a list ofnodes. This is a list of nodes that have a copy of the record thatcontains the requested directory information. The directory service cannow access any one of those listed nodes to obtain the requesteddirectory information (step 624).

Instead of going from the root directory record 400 (or any one of itscopies 401, 403, 405) to walking the GUID tree to obtain the requesteddirectory information, it is possible that the directory service of theinvention will find an entry in the root directory record 400 thatprovides a logical link (e.g., GUID “12540”) in its data field directlyto an entry 399 in a record 398 that has the requested directoryinformation in its data field. It also is possible, as mentionedhereinabove, that an entry 402 in the root directory record 400 itselfwill have the requested directory information in its data field. Atypical situation, however, is when the GUID tree is walked by thedirectory service via the GUID tree records in order to locate andreturn the requested directory information to the requesting networknode.

In accordance with the invention, the directory service tracks ownershipand responsibility for directory information thereby providing a levelof indirection between the actual directory information itself and thephysical location of that directory information on the network.

It should be appreciated that the directory service of the inventioncomprises a hierarchical structured storage mechanism for directoryinformation. To this end, the directory service of the inventionprovides a structure that continually subdivides itself into smaller andsmaller sections. Further, each section is represented by directoryrecords of the same structure, but each section indexes differentamounts (sizes) of directory information.

In accordance with the invention, more frequently accessed directoryinformation is copied and distributed among various network nodes, andrarely used directory information generally will appear on only a fewnetwork nodes. Also, directory records will migrate to those nodes thataccess them most, providing a degree of self-organization that reducesnetwork traffic.

In general, all of the functionality of the directory service of theinvention can be implemented in software. In one embodiment, an instanceof a directory service program resides and executes on each of thenetwork nodes and provides all of the directory service features andfunctionality described herein. It is possible to perform one or more ofthe various functions of the directory service with dedicatedelectronics or a combination of hardware and software, and this hardwaremight be added to a general purpose computer to implement the directoryservice of the invention.

Variations, modifications, and other implementations of what isdescribed herein will occur to those of ordinary skill in the artwithout departing from the spirit and the scope of the invention asclaimed. Accordingly, the invention is to be defined not by thepreceding illustrative description but instead by the spirit and scopeof the following claims.

1-10. (canceled)
 11. At least one computer-readable medium containing aset of executable instructions for causing programmable apparatus toperform a method of obtaining directory information, said method beingoperable on a plurality of nodes interconnected by a network, saidmethod comprising the steps of: providing a distributed directoryservice on the network by installing on each of the nodes a directoryservice program that allows directory parts to be selectively anddynamically migrated between ones of said plurality of nodes, withoutrequiring restructuring the directory, storing on said plurality ofnodes the directory that includes both the directory information andinformation about the location of the directory information on thenetwork, such that said directory is not statically replicated to allnodes of said plurality of nodes; and obtaining both the locationinformation and the directory information by accessing the distributeddirectory service.
 12. The at least one computer-readable medium ofclaim 11 wherein the directory service providing step further comprisesthe step of utilizing the directory service program on each of theplurality of nodes to replicate said directory parts.
 13. The at leastone computer-readable medium of claim 12 wherein the directory serviceproviding step further comprises the step of utilizing the directoryservice program on each of the plurality of nodes to selectively anddynamically replicate said directory parts based on the number ofaccesses of the directory service by each of said nodes.
 14. The atleast one computer-readable medium of claim 12 wherein the directoryservice providing step further comprises the step of utilizing thedirectory service program on each of the plurality of nodes toselectively and dynamically replicate said directory parts based onavailable resources on the network.
 15. The at least onecomputer-readable medium of claim 11 wherein the distributed directoryservice providing step further comprises the step of utilizing thedirectory service program on each of the plurality of nodes toselectively and dynamically migrate said directory parts based on thenumber of accesses of the distributed directory service by the nodes.16. The at least one computer-readable medium of claim 11 wherein thedistributed directory service providing step further comprises the stepof utilizing the directory service program on each of the plurality ofnodes to selectively and dynamically migrate said directory parts basedon available resources on the network.